Bleeding Life 2 is an exploit pack that affects the web browsers on the Microsoft Windows operating system with remote code execution buffer overflows. Special thanks to Teknical for his contributions to this article.

Disclaimer

By obtaining this software, you are solely responsible for its use and for the consequences that may occur as a result of the use of the software. This software is intended solely for the purposes of vulnerability and penetration testing in a lab environment or on a private computer network that you own. This software is not intended to be placed on a public network (i.e The Internet). This software is not intended to be used maliciously in any way. Use of this software for malicious purposes could lead to you being held criminally liable for any damages caused. You agree to indemnify, hold harmless, and otherwise not sue or hold liable, the authors, or anyone else associated with this software against all claims, damages, legal fees, costs, or other payments. Not for use by cybercriminals.

Download HERE

Features

Bleeding Life 2 has a variety of exploits and statistics features.

Exploits

Adobe

• CVE-2008-2992
• CVE-2010-1297
• CVE-2010-2884
• CVE-2010-0188

Java

• CVE-2010-0842
• CVE-2010-3552
• Signed Applet

Statistics

• Statistics by Exploit
• Statistics by Browser
• Statistics by OS Version

Server Requirements

• MySQL
• PHP
• HTTPD (apache, lighttpd, nginx, etc)

Installation & Configuration

Before running Bleeding Life 2's installer, you must first fill out config.php, which has been thoroughly commented for your ease of use.

The installer is located at $DOCUMENT_ROOT/install. Installation is incredibly easy.

Download

• Download URL: http://www.blackhatlibrary.net/releases/bleeding-life-2.tgz

These are the offensive security tools developed by our wiki staff. Vanguard - web application vulnerability testing engine written in Perl Jynx2 - A second version of the classic LD_Preload Jynx Rootkit written in C Bleeding Life - PHP and MySQL powered web browser buffer overflow exploit pack GScrape - Perl based google scraper for finding vulnerable websites Kolkata - Configurable web application fingerprinting engine using file checksums written in Perl Lfi_autopwn.pl - automatically spawn a shell using a File inclusion exploit, written in Perl. MySql 5 Enumeration - automatically map the contents of a remote database given a URL vulnerable to SQL injection, written in Perl Social Network Forgery Utility - Rickroll your friends with this PHP content forgery generation utility.